Forge Home


Very simple lightweight virtual user management module


7,891 latest version

3.3 quality score

Version information

  • 0.0.3 (latest)
  • 0.0.2
  • 0.0.1
released Oct 17th 2015

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'jethrocarr-virtual_user', '0.0.3'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add jethrocarr-virtual_user
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install jethrocarr-virtual_user --version 0.0.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



jethrocarr/virtual_user — version 0.0.3 Oct 17th 2015


A very simple lightweight user module. You've seen this module before, pretty much every Puppet-using site ends up with some form of this, mine is shared for reference if you wish to use it.


Basic Usage

The way to use this module is always to invoke the virtual_user resource as a virtual and then "realize" it on the systems you want the user accounts on.

At it's simpliest, you can define a user account as per the following example:

# Define virtual user Jane. This means Jane won't be applied, unless we
# realise her later on.
@virtual_user { 'jane':
  uid           => '1000',
  groups        => ['wheel'],
  password_hash => 'hash',
  ssh_key_pub   => 'longkeyislong',
  ssh_key_type  => 'ssh-rsa',
  tags          => ['soe'],

# Here we "realize" any user whom includes the tag of SOE, this will catch
# our Jane example from above and ensure she has an account on this server.
Virtual_user <| tags == soe |>

If you want to do more complex things or tinker, check out the manifests/init.pp file for the full list of params, we make some assumptions by default, such as creating the home directory and purging any other SSH authorized keys that aren't explicity configured.

Hiera Example

If you're using Hiera (recommended) then you can easily define all the user accounts in Hiera and use a couple lines in a Puppet manifest to generate all the virtual users from that.

The following is an example of inheriting data from Hiera with the Puppet manifest:

# Generate all users from Hiera data
create_resources("@virtual_user", hiera(virtual_users))

# Realize the SOE users here.
Virtual_user <| tags == soe |>

The following is the associated example Hiera configuration:

    uid: 1000
     - wheel
    password_hash: >
    ssh_key_pub: >
    ssh_key_type: ssh-rsa
     - soe

Note the use of the > charactor with password_hash and ssh_key_pub, this allows you to split the long hash and SSH key strings across multiple lines if desired to keep things tidier/more readable.

Additional Tips

If you don't have existing password hashes handy and wish to use them (eg you plan to do PAM auth for non-cert based services like Apache), you can use the unix-crypt gem ( to generate suitable password hashes for user accounts.

If you wish to learn more about virtual resources, refer to:


Requires stdlib, no others.